Cryptome DVDs are offered by
Cryptome. Donate $25 for two DVDs of the
Cryptome 12-years collection of 46,000 files from June 1996 to June 2008
(~6.7 GB). Click Paypal or mail check/MO made out to John Young, 251 West
89th Street, New York, NY 10024. The collection includes all files of
cryptome.org, jya.com, cartome.org, eyeball-series.org and iraq-kill-maim.org,
and 23,000 (updated)
pages of counter-intelligence dossiers declassified by the US Army Information
and Security Command, dating from 1945 to 1985.The DVDs will be sent anywhere
worldwide without extra cost.

Web

cryptome.org

cryptome.info

jya.com

eyeball-series.org

cryptome.cn

Excerpts of pages 138-147 from:

Information Warfare

Electromagnetic Eavesdropping

Any electrical current produces a magnetic field. A television station broadcasts
a very small magnetic field from its antenna atop the World Trade Center
or in a corn field in Iowa, and a portable TV set in your home can pick up
and display Mr. Ed reruns or Murphy Brown in startling clarity. Let's take
this thought one step further. Computers, printers, fax machines, and video
monitors are also electrical devices that conduct current and they too emit
magnetic fields. Guess what? These magnetic fields can be picked up by a
special receiver, too, and can be read in startling clarity, invisibly,
passively, and with little fear of detection. Sounds like an ideal tool for
the Information Warrior.

A computer is actually a miniature transmitter broadcasting all of its
information into the air, where it is ripe for the picking. From an electrical
standpoint, the CRT or monitor of a computer is the "loudest" component,
meaning that the magnetic field it produces is the strongest. Back in the
early days of computers, in the days of Radio Shack TRS-80 ("Trash 80s"),
Commodore Pets, and VIC-20s, users often experienced severe interference
from their computers on their TV sets.

Many of us set up our computers in the living room so we could spend quality
time with our families, watch M*A*S*H and play with our latest adult
toys. But we also noticed that unless the computers were a safe distance
from the TV, the picture was virtually unwatchable. Wavy lines scrolled across
and up and down the screen and "noise" filled the picture. If we rotated
the computer and sat at a different chair at the dining room table, the
interference was less objectionable. If we moved the computer into the bedroom,
the interference often went away. To satisfy our desire to watch TV and still
peck away at BASIC, we would twiddle for nights on end trying to optimize
the picture on the boob tube by minimizing the interference. That might mean
finding the only place in the room that would allow us to enjoy both diversions
at once, or it might mean using three rolls of properly placed and shaped
rolls of Reynolds Wrap around the computer and on the TV aerial. We were
trying to shield the television set from the electromagnetic radiation emitted
by the computer and its monitor. Little did most of know then that we were
experiencing a phenomenon that the National Security Agency had buried deep
within their classified Tempest program. The government had known about the
national security problems associated with computer-based electromagnetic
radiation for years.

Electromagnetic eavesdropping is a formidable weapon to the Information Warrior.
Twenty years later the government still shrouds much of the issue in secrecy,
and it is only due to the efforts of independent researchers not controlled
by the secrecy laws concomitant with government employment that we understand
just how much of a risk electromagnetic eavesdropping really is.

Since every computer unintentionally broadcasts information into the air
(except those few especially built to tightly-guarded NSA Tempest
specifications), the Information Warrior has the means to detect, save, and
read every bit of information that passes through a computer and onto a video
monitor. And he can do it passively, from some distance, without your ever
being the wiser.

Detecting and recovering this data is not possible only for the intelligence
community or super-high-tech whiz bangers. The ability to read computer screens
from a remote location is available to anyone with a modicum of knowledge
of basic electronics. Your television repairman is an ideal candidate for
assisting your local Information Warrior. Morgan Death, a former Vice President
at Hughes STX, wrote, "Many individuals and corporations have no idea how
easy it is to obtain information from electronic radiations. They thought
of Tempest protection as a black art that only the intelligence community
had to worry about.''[1]

In its simplest form, an electromagnetic eavesdropping device consists of
no more than a black and white television set and a handful of parts costing
less than $5. The interception we experienced with the Trash 80s was the
actual video signal (the characters that cross the computer screen) being
picked up by the TV antenna. The computer monitor leaks this information
at about the same frequencies used by channels two through seven on the TV.
All we need to do is tune them in and voila!, we have an echo of what appears
on our computer screen. The reason we couldn't read the Trash 80 characters
on our TV set was that the detected signals had lost their "sync," or
synchronization. The information was there, but it fell apart. The Information
Warrior simply puts it back together again.

A television set modified to pick up computer screen emissions needs to have
two signals added to those unintentionally leaked by the monitor under
surveillance. The first is the vertical sync which, on a TV set, is called
vertical hold. The second signal needed is the horizontal sync. If either
of these signals is maladjusted, the TV will endlessly "roll" up and down
or left to right, as the case may be. (Readers who owned early generation
television sets can easily relate to the frustration.) The radiated signals
from a computer combined with these two sync signals will produce a perfectly
readable copy of whatever appears on the computer with no wires connecting
the two. To add more fuel to the fire, the data displayed on the video screen
can be detected even when the video monitor itself is turned off.

Many audiences to whom I speak find this simple item alarming and discomforting,
thereby leading to a degree of incredulity -- until they see the demonstrations.
In September of 1991, on Geraldo Rivera's ill-fated TV show, "Now! It Can
Be Told," I demonstrated what I believe was the first national broadcast
of electromagnetic eavesdropping.[2] Despite the fact that
atomic bombs were going off in the background, the demonstration was real.

The publicity surrounding electromagnetic eavesdropping first reached a furor
in 1985 when a Dutch scientist, Professor Wim van Eck, published an unclassified
paper on the subject.[3] He stated that, based upon his
studies, "it seems justified to estimate the maximum reception distance using
only a normal TV receiver at around 1km....''[4] As a result
of the publication of this document, electromagnetic eavesdropping was popularly
dubbed "van Eck radiation." According to Tempest engineers certified by the
National Security Agency, the NSA department responsible for the security
of the Tempest program went ballistic. They classified the Van Eck report,
which included very exacting details and mathematical analysis that they
had considered to be exclusively under their domain. Tempest engineers were
forbidden, as part of their security agreement with the Government, from
speaking about or acknowledging any details of van Eck's work.

But the cat was already out of the bag. The prestigious and scholarly journal
Computers and Security discussed van Eck in its December 1985 issue,
to the continued chagrin of the intelligence community, and in 1988, the
British Broadcasting Corporation aired a segment on the phenomenon which
is similarly classified in England.[5]

This impressive demonstration was conducted in London, with the detection
equipment set up in a van that roamed the streets. The technicians in the
unassuming van would lock into "interesting" computer signals, emanating
from law offices and brokerage firms located in London high rises, from a
distance of several hundred feet. They then recorded the impressively clear
computer-screen images on a video tape. When company executives were brought
into the van, they viewed a playback of the video tape that demonstrated
the capability for remote passive eavesdropping of highly sensitive information.
The impact of such capability was evident on their shocked faces and in their
commentary. According to Tempest technicians, the NSA classified this tape
along with van Eck's publicly available papers.

Swedish television broadcast a similar demonstration on a show called "Aktuellt."
These demonstrations provided conclusive evidence that the risk to privacy
and the sanctity of information was real. Despite our government's efforts
at hiding the potential risk to American businesses, van Eck radiation was
becoming widely known everywhere and to everyone else but us.

In 1990, Professor Erhard Moller of Aachen University in Germany published
a detailed update to van Eck's work with such eavesdropping. To this date,
the NSA still classifies these protective measures in their Tempest program.
They allegedly went so far as to classify portions of a university text book
written by the legendary expert in electromagnetic control, Don
White.[6]

On the home front, Hughes STX (a division of Hughes Aircraft) demonstrated
van Eck emissions using a circa-1955 Dumont tube television console set and
a small portable black and white unit as receptors. Not only are van Eck
radiations broadcast into the air, but water pipes, sprinkler systems, and
power lines are excellent conduits, offering ideal tap points for interception.
Attaching a wire to a hot water pipe and watching computer screen images
appear on a television set is a most disquieting experience, but one that
cannot be ignored.

Jim Carter, president of Bank Security in Houston, Texas, has also been
publicizing the phenomenon at such events as HoHoCon, the annual hacker's
conference, and Jim Ross's Surveillance Expo in Washington, D.C. His experiences
with Van Eck were highlighted in 1991 when, in cooperation with Benjamin
Franklin Savings and Loan, he demonstrated how to successfully attack a Diebold
ATM machine. He says that, using Van Eck radiation, "we got all of the
information we needed to reconstruct an ATM card." Carter says that he notified
Diebold of the vulnerability to their machines and to their customers. They
flew a couple of engineers down "but after two years, we're still waiting
for them to get back to us. They really don't give a damn if they fix the
problem or not."

Today, if you don't have the expertise to build your own, you can actually
buy a van Eck unit, priced from $500 to $2,000, from any number of catalogs.
The results range from godawful to darn good. One company, Spy Supply in
New Hampshire, no longer sells their unit. According to one of the company's
principals, Bob Carp, they were approached by the NSA and strongly urged
to discontinue sales immediately or risk the wrath of the
government.[7]

Another company, Consumertronics in Alamogordo, New Mexico, claims to sell
a van Eck detection unit for educational purposes only. However, reading
their literature and catalog of product offerings suggests other
motives.[8] On the high end, sophisticated and expensive
test equipment such as that built by Watkins-Johnson of Gaithersburg, Maryland,
and an assortment of other U.S. and foreign companies, provide an excellent
means to detect a wide range of signals and reconstruct video signals of
good quality.

The NSA has gone to extraordinary lengths to maintain the secrecy surrounding
van Eck radiation, such as asking Spy Supply to cease and desist and classifying
portions of engineering text books that might give too much away. By attempting
to bury the issue as completely as possible and allowing discussions of value
to occur only under the veil of national security, they have done this country
and its industries a great disservice. To the best of my knowledge, they
have never openly discussed the realities of van Eck radiation, thus reducing
its credibility as a threat in the eyes of corporate America and the protectors
of its information. The unfortunate rationale of many security professionals
is "if it's not officially acknowledged, then it can't be real."

A few years back, after the initial flare-up of concern about electromagnetic
eavesdropping, Chase Manhattan Bank ran some internal test to determine their
vulnerability. Based upon their home-brew tests, they determined, "Quite
frankly, at the bank, we're not overly concerned about screens being
read."[9]

However, in the fall of 1992, Chemical Bank found themselves the apparent
target of exactly this type of eavesdropping by unknown Information Warriors.
According to Don Delaney of the New York State Police, bank officials were
alerted that an antenna was pointed at their midtown New York bank offices,
where a large number of ATM machines and credit card processing facilities
are located. For reasons that the bank will not discuss, they elected not
to pursue the matter although the police offered
assistance.[10] From external appearances, it seems that
Chemical Bank was the target of what has generically become known as a Tempest
attack.

Because van Eck detection is so simple, so insidious, and so passive, the
number of reported incidents is bound to be low. In addition, most people
aren't even aware of the capability so they wouldn't recognize it if they
saw it. A major U.S. chemical company, however, did know that it was the
target of industrial espionage using van Eck techniques. The security director
of the firm was an ex-CIA employee, well-trained in surveillance techniques.
He said that he was alerted by the sight of a Toyota van sitting in the parking
lot near one of the company's research and development buildings. What caught
his attention was an antenna on the roof of the van, which appeared to be
scanning the area and fixing itself on the R&D facility. Although he
can't prove his countermeasures solved anything, the van quickly disappeared
after he shielded the targeted labs from emitting van Eck radiations.
[11]

There are plenty of methods to protect against Information Warriors who want
to eavesdrop on screens, keyboards and printers, but a question of legality
arises. According to one author, "In the United States, it is illegal for
an individual to take effective countermeasures against Tempest
surveillance.''[12] This statement is ominous if taken
at face value. It implies that electromagnetic eavesdropping is commonly
practiced in domestic surveillance activities. Could this be one reason why
the NSA has been so rigorous in its efforts at downplaying the matter?

Perhaps. The NSA and other government agencies do use these techniques and
do have their own surveillance vans, complete with van Eck detection equipment.
A specially- constructed chassis is made by Ford Mother Company, so that
the eavesdropping van cannot be eavesdropped upon. The vans are then outfitted
with the very best surveillance technology that the Pentagon's billions can
buy. Who are they listening to? No one I know will say, but their capabilities
are most impressive. The NSA recently developed a custom unintegrated circuit
employing specialized Fast Fourier Transforms (FFTs), that will enhance the
clarity and range of the van Eck detection equipment substantially, as well
as significantly reduce the size of the surveillance
equipment.[13]

I assume that by now the problem becomes explicitly clear. The computer screens
that we once thought were private are, in fact, veritable radio stations.
The keyboard strokes that we enter on our computer are also transmitted into
the air and onto conduit pipes and power lines. An A at the keyboard
sends out an electromagnetic A into the air or down the sprinkler
pipes and any digital oscilloscope, in the hands of a professional, can detect
the leaking signals with ease. A keyboard B emits an electromagnetic
B, a C at the keyboard sends out its unique signature, and
so it goes for the rest of the keyboard. PIN numbers or other potentially
sensitive information can be detected, stored, and decoded with the right
equipment in the right hands.

Printers, too, betray the privacy of their users; generally unbeknownst to
them, but all too well known by the Information Warrior in search of information.
The NSA uses a classified technique called digram analysis to assist in
eavesdropping on van Eck emanations from printers. Each printer type has
its own unique sets of electromagnetic patterns, depending upon how it was
designed and built. The NSA will buy one of each, analyze its patterns, and
then be more easily able to decode the intercepted information patterns.

As the story goes, during a very intensive security sweep of the American
Embassy in Moscow in the early 1980s, a small transmitter was found inside
of a classified telex machine. Allegedly, it listened to the electromagnetic
patterns generated by the telex machine and retransmitted the raw signals
to a secondary listening post where the Soviets performed their own digram
analysis to read sensitive U.S. Government messages.

Since there is virtually no way to know that a computer or printer is being
"van Ecked", there is no reliable method to determine what losses might actually
have been incurred due to electromagnetic eavesdropping. The possibilities
for speculation are endless. Exploitation of van Eck radiation appears to
be responsible, at least in part, for the arrest of senior CIA intelligence
officer Aldrich Hazen Ames on charges of being a Soviet/Russian mole. According
to the affidavit in support of Arrest Warrant, the FBI used "electronic
surveillance of Ames' personal computer and software within his residence,"
in their search for evidence against him. On October 9, 1993, the FBI "placed
an electronic monitor in his (Ames') computer,''[14] suggesting
that a van Eck receiver and transmitter was used to gather information on
a real-time basis. Obviously, then, this is an ideal tool for criminal
investigation -- one that apparently works quiet well.

In 1991, I designed a few scenarios for a defense think tank in order to
define the needs of an urban Information Warrior who wants to use this approach.
The simplest approach involved a portable van Eck detector with its own
transmitter and receiver, so that it could be remotely tuned into the computer,
printer, or video monitor of choice. Smaller detectors are more expensive
but offer advantages to the Information Warrior, who could easily plant a
small receiver in the basement of a building, leave it there unattended,
and sit a comfortable distance away, scanning and listening for the information
he wanted.

Consider the following. An Information Warrior who has profit as his motive
uses van Eck detection equipment to listen in on the computer of a brokerage
firm. They are planning to issue either astoundingly good or astoundingly
bad news on one of their clients, which will soon have a major impact on
its stock price. Now that he knows this "insider information," he makes the
appropriate financial decisions and buys or sells or shorts a big block of
stock with the intent of making a financial killing. Can the Information
Warrior be prosecuted for this? There is no clear answer at this time.

Perhaps the CEO of a major company is worried about the outcome of future
litigation, and would give anything to know what the opposing counsel was
planning. Electromagnetic eavesdropping could easily provide him with that
information -- and there is hardly any chance that he would ever be caught.
Invisible, passive, and insidious.

Van Eck detection also lends itself nicely to the exploitation of Binary
Schizophrenia or other social malaises we discussed earlier. Imagine that
the goal of the Information Warrior is to exacerbate friction among upper
management of a company. If certain sensitive and supposedly private information
were acquired by our insidiously invisible detection equipment and "accidentally"
leaked into the wrong hands, all members of the management team would suspect
one another of being likely culprits.

Or if a customer's personal financial data were acquired from a bank's computers
and properly leaked to the right people, the bank would be suspected of and
possibly legally responsible for fiduciary irresponsibility. That it would
lose a customer in the process goes without saying. While the press might
not use such techniques itself, sometimes they don't know and don't care
where and how information is obtained. Companies are embarrassed enough when
stories appear on activities that aren't meant for public disclosure.
Electromagnetic eavesdropping only provides one additional means to effect
breaches of privacy and confidentiality.

According to Mark Baven, an editor at Government Data Systems, "In
today's volatile financial market, where inside information can lead to millions
of dollars of profits, a raid on a corporation's vital data . . . could be
extremely worthwhile. The cost of implementing Tempest technology would be
far offset by the potential savings that such security would provide."

The one thing we can be sure of is that the technology to listen in on computer
leakage will only become better and better and cheaper and cheaper, just
as all technology does. At one point or another, business is going to have
to decide that its only protection against passive information interception
is an active defense.